CVE-2024-26132

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-26132
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26132.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26132
Aliases
  • GHSA-8wj9-cx7h-pvm4
Published
2024-02-20T18:30:26Z
Modified
2025-11-12T15:17:26.500052Z
Severity
  • 4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Element Android can be asked to share internal files.
Details

Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the files directory in the application's private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. Forks of Element Android which have set android:exported="false" in the AndroidManifest.xml file for the IncomingShareActivity activity are not impacted. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.

Database specific 
{
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/vector-im/element-ios

Affected ranges

Type
GIT
Repo
https://github.com/vector-im/element-ios
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6f236bab2bb3970279dc97904ecfa168a8135428

Affected versions

Other

before_privacy_merge

test0.*

test0.0.1

v0.*

v0.1.0
v0.1.1
v0.1.10
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.8
v0.1.9
v0.1.x
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.11.1
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.11.6
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.3.0
v0.3.10
v0.3.11
v0.3.12
v0.3.13
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.6.0
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.13
v0.6.14
v0.6.15
v0.6.16
v0.6.17
v0.6.18
v0.6.19
v0.6.2
v0.6.20
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.8
v0.6.9
v0.7.0
v0.7.1
v0.7.10
v0.7.11
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5

v1.*

v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4.0
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.6.0
v1.6.1
v1.6.10
v1.6.11
v1.6.2
v1.6.4
v1.6.5
v1.6.6
v1.6.8
v1.6.9

Git / github.com/element-hq/element-android

Affected ranges

Type
GIT
Repo
https://github.com/element-hq/element-android
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8f9695a9a8d944cb9b92568cbd76578c51d32e07

Affected versions

Other

riot-android-beta-0-91-0
riot-android-beta-0-91-1
riot-android-beta-0-91-2

v0.*

v0.1.0
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.18.1
v0.19.0
v0.2.0
v0.20.0
v0.21.0
v0.22.0
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.6.1
v0.7.0
v0.8.0
v0.9.0
v0.9.1
v0.91.3-beta
v0.91.4-beta
v0.91.5

v1.*

v1.0.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.10
v1.1.11
v1.1.12
v1.1.13
v1.1.14
v1.1.15
v1.1.16
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.3.1
v1.3.10
v1.3.11
v1.3.12
v1.3.13
v1.3.14
v1.3.15
v1.3.16
v1.3.17
v1.3.18
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.7-RC2
v1.3.8
v1.3.9
v1.4.0
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.16
v1.4.18
v1.4.19
v1.4.2
v1.4.20
v1.4.22
v1.4.24
v1.4.25
v1.4.26
v1.4.27
v1.4.27-RC2
v1.4.28
v1.4.30
v1.4.31
v1.4.32
v1.4.34
v1.4.36
v1.4.4
v1.4.6
v1.4.7
v1.4.8
v1.5.0
v1.5.1
v1.5.10
v1.5.11
v1.5.12
v1.5.13
v1.5.14
v1.5.16
v1.5.18
v1.5.2
v1.5.20
v1.5.22
v1.5.24
v1.5.25
v1.5.26
v1.5.28
v1.5.30
v1.5.32
v1.5.4
v1.5.6
v1.5.7
v1.5.8
v1.6.0
v1.6.1
v1.6.10
v1.6.2
v1.6.3
v1.6.5
v1.6.6
v1.6.8